Hyland Connect

mxc · ‎03-05-2014

Hi all,

What is the best practice for exposing an internal alfresco service for external clients/extranet. The server hosts internal documents as well as documents which the public need access too. I am reluctant to expose the whole port tomcat is listening on to the net and thereby allowing people to attempt to access share/explorer and the myriad of other URLs that are exposed by Alfresco.

Essentially I would like to limit the client to using CMIS or accessing web script only. So they shouldn't even be able to get to the share or alfresco explorer login page nor login to any other service with their webscript/cmis login.

Call me paranoid but it seem every day I find a new url exposing something on Alfresco and its a bit scary to open the web port to an Alfresco server.

Thanks

eswbitto · ‎03-05-2014

Why don't you just create a public website apart from alfresco and in that webpage post links (public links) to the documents you need the public to have access to. FYI…if you didn't know. Each document is given a public link.

They get access to those documents without having to log into alfresco.

mxc · ‎03-06-2014

Thanks will investigate further. I suppose this would still require port 80 etc to be forwarded to Alfresco and hence any URL could be probed. Something I did come across was the possibility of replicating your public content to a staging server in the DMZ and then the risk is greatly reduced. A bit of extra work and cost but sounds much more secure.

Hyland Connect

Securing Alfresco for Access from Public Internet